CISA has added CVE-2026-6973, an improper input validation vulnerability in Ivanti Endpoint Manager Mobile (EPMM), to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal Civilian Executive Branch (FCEB) agencies are mandated to remediate this vulnerability per BOD 22-01, and all organizations are strongly urged to prioritize patching to reduce exposure to cyberattacks.